Can Anonymous force its victims to reconsider their actions?

Hugh Thompson, an adjunct professor at Columbia and program committee chairman of the RSA Conference, got me thinking that, in the face of hacktivism, security these days also means deliberating business practices.

Perhaps if Sony had known how Anonymous would react to the electronics giant's legal pursuit of accused PlayStation 3 hacker George Hotz, it would have looked the other way.

If Bay Area Rapid Transit (BART) knew that its decision to temporarily cut mobile service at four of its stations would result in naked photos of its communications director appearing online, it may have kept the web up and running for commuters.

And if handbag-maker Coach knew that its support of the very controversial Stop Online Piracy Act (SOPA) would result in a group called UGNazi hijacking its DNS records to divert traffic elsewhere, maybe it would have kept its focus on satchels and clutches.

Sony, Coach and BART are just three names on a laundry list of recent "hacktivist" victims -- one which has been steadily growing over the last 12 months. As social movements such as Occupy Wall Street take hold on the streets to protest corporate and government wrongdoing, groups such as Anonymous seem to be guarding the cyber skies in the name of exposing and embarrassing their targets.

Within the security industry, much has been made of the new risk that hacktivism poses to organizations. So while organizations work to better equip themselves with the people, processes and technology to defend against this threat – all great measures, certainly – they may also want to consider an additional, and perhaps far simpler, tactic: conversation.

Hugh Thompson, the program committee chairman of the RSA Conference and an adjunct computer science professor at Columbia University in New York, thinks it makes sense for companies to, at the very least, weigh the consequences of their business decisions and practices as they face this new hacking phenomenon.

Last week, I chatted with Thompson about hacktivism, and he told me that organizations must adjust their security model to become more adaptable and nimble in the face of today's attacks. That means accepting that failure will happen and becoming more agile and competent in responding, all within the context of risk.

But decision-makers may also want to consider who they're going to tick off when they decide to do something, he said.

But they might become more proactive in their corporate strategy, at least. After all, in Sony's case, it was ultimately hit more than a dozen times, millions of users were impacted, its leaders publicly apologized, and it certainly suffered reputational harm, particularly when the PlayStation Network was offline for weeks. Even when it knew they were coming, Sony couldn't stop the hacks. It still can't.

"Maybe if it was today, [Sony] would have decided the other way," Thompson told me, referencing the Hotz lawsuit.

"The scope of security has to expand," he added. "The company really is in this ecosystem. Security is a huge function of targeting, as opposed to what you have done to defend your organization."

In other words, if you're not a target, you're probably in much better shape. That's not to say anyone should ever be forced to walk on eggshells – capitalism has dealt with its fair share of blows lately, but it still remains the foundation of our economic system. And some choices an organization makes just aren't going to be loved by everyone (or Anonymous). That's a fact of life.

But if having these boardroom conversations means an organization like Monsanto, for example, which was hacked last year by Anonymous, will become a more compassionate, principled and ethical player in our world than it currently is, I'm all for the shift in corporate mindset that may result from the threat of hacktivism.

Color me skeptical for now. The power elite are a difficult bunch to win over.
